INFORMATION SECURITY MANAGEMENT WORKFLOW
The information security management workflow automates and integrates the various modules of e-Safe Compliance. It is based on ISO 27001 and ensures that a process for institutionalising security with the e-Safe Compliance modules is in place. The workflow helps to define the different roles and the flow of information, from definition through incident capture and classification and case management to closure.
The roles include information reviewer, information owner, chief security officer, administrator, departmental information owner, etc. Using these roles and their responsibilities, the workflow ensures that any dubious transaction performed by a user is reported to the user’s manager (the information owner) as well as to security personnel. Reporting to the people who actually understand the information ensures that staff do not misuse it. Furthermore, to ensure that information owners are not themselves stealing sensitive information, the usage reports are centrally audited by the security department (or similar).
A high-level diagram of the checks and balances within e-Safe Compliance is shown in Figure 1 below:
Figure 1 – Information Security Management System Workflow